As past intelligence operatives our initial response is of course you need to find out out who is responsible for the attack. Not only does it provide useful information on unknown vulnerabilities, but if the attack results in litigation having the ability to identify a bad actor might support your defense.